From 738892e281b16e092079897b65e3f0617269fc01 Mon Sep 17 00:00:00 2001 From: John Marino Date: Tue, 23 Apr 2013 13:38:06 +0200 Subject: [PATCH] libexpat (libbsdxml): Upgrade from version 2.0.1 to 2.1.0 This is a security update. Bug fixes since Release 2.0.1: #1742315: Harmful XML_ParserCreateNS suggestion. #2895533: CVE-2012-1147 - Resource leak in readfilemap.c. #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3. #1983953, 2517952, 2517962, 2649838: Build modifications using autoreconf instead of buildconf.sh. #2815947, #2884086: OBJEXT and EXEEXT support while building. #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences. #2517938: xmlwf should return non-zero exit status if not well-formed. #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml. #2855609: Dangling positionPtr after error. #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8(). #2958794: CVE-2012-1148 - Memory leak in poolGrow. #2990652: CMake support. #3010819: UNEXPECTED_STATE with a trailing "%" in entity value. #3206497: Unitialized memory returned from XML_Parse. #3287849: make check fails on mingw-w64. #3496608: CVE-2012-0876 - Hash DOS attack. New Features / API changes: Added new API member XML_SetHashSalt() that allows setting an intial value (salt) for hash calculations. This is part of the fix for bug #3496608 to randomize hash parameters. When compiled with XML_ATTR_INFO defined, adds new API member XML_GetAttributeInfo() that allows retrieving the byte offsets for attribute names and values (patch #3446384). Added CMake build system. See bug #2990652 and patch #3312568. Added run-benchmark target to Makefile.in - relies on testdata module present in the same relative location as in the repository. --- contrib/expat/README.DELETED | 22 ++++++++++++++++++++ contrib/expat/README.DRAGONFLY | 14 ++++++++++--- lib/libexpat/expat_config.h | 38 +++++++++++++++++++--------------- 3 files changed, 54 insertions(+), 20 deletions(-) create mode 100644 contrib/expat/README.DELETED diff --git a/contrib/expat/README.DELETED b/contrib/expat/README.DELETED new file mode 100644 index 0000000000..18903f4d2c --- /dev/null +++ b/contrib/expat/README.DELETED @@ -0,0 +1,22 @@ +CMake.README +CMakeLists.txt +ConfigureChecks.cmake +MANIFEST +Makefile.in +README +aclocal.m4 +amiga/ +bcb5/ +configure +configure.in +conftools/ +doc/ +examples/ +expat.dsw +expat.pc.in +expat_config.h.cmake +m4/ +tests/ +vms/ +win32/ +xmlwf/ diff --git a/contrib/expat/README.DRAGONFLY b/contrib/expat/README.DRAGONFLY index f9995882c5..0c0e7ba57f 100644 --- a/contrib/expat/README.DRAGONFLY +++ b/contrib/expat/README.DRAGONFLY @@ -1,4 +1,12 @@ -Import expat-2.0.1 +EXPAT 2.1.0 +=========== -Original source is availale from: -http://sourceforge.net/projects/expat/files/expat/2.0.1/expat-2.0.1.tar.gz/download +Original source can be downloaded from: +http://sourceforge.net/projects/expat/files/expat/2.1.0 + +file = expat-2.1.0.tar.gz +date = 24 March 2012 +size = 562616 +sha1 = b08197d146930a5543a7b99e871cba3da614f6f0 + +A list of files and directories removed is in README.DELETED diff --git a/lib/libexpat/expat_config.h b/lib/libexpat/expat_config.h index bac9ae5248..724f47f1d0 100644 --- a/lib/libexpat/expat_config.h +++ b/lib/libexpat/expat_config.h @@ -1,13 +1,8 @@ -/* $FreeBSD: src/lib/libexpat/expat_config.h,v 1.2 2007/04/24 06:29:27 phk Exp $ */ - -#include +/* expat_config.h. Generated from expat_config.h.in by configure. */ +/* expat_config.h.in. Generated from configure.in by autoheader. */ /* 1234 = LIL_ENDIAN, 4321 = BIGENDIAN */ -#if BYTE_ORDER == LITTLE_ENDIAN #define BYTEORDER 1234 -#else -#define BYTEORDER 4321 -#endif /* Define to 1 if you have the `bcopy' function. */ #define HAVE_BCOPY 1 @@ -45,6 +40,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_STRING_H 1 +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_PARAM_H 1 + /* Define to 1 if you have the header file. */ #define HAVE_SYS_STAT_H 1 @@ -54,30 +52,33 @@ /* Define to 1 if you have the header file. */ #define HAVE_UNISTD_H 1 +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#define LT_OBJDIR ".libs/" + /* Define to the address where bug reports for this package should be sent. */ -#define PACKAGE_BUGREPORT "expat-bugs@mail.libexpat.org" +#define PACKAGE_BUGREPORT "expat-bugs@libexpat.org" /* Define to the full name of this package. */ #define PACKAGE_NAME "expat" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "expat 1.95.5" +#define PACKAGE_STRING "expat 2.1.0" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "expat" +/* Define to the home page for this package. */ +#define PACKAGE_URL "" + /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.95.5" +#define PACKAGE_VERSION "2.1.0" /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 /* whether byteorder is bigendian */ -#if BYTE_ORDER == BIG_ENDIAN -#define WORDS_BIGENDIAN -#else -#undef WORDS_BIGENDIAN -#endif +/* #undef WORDS_BIGENDIAN */ /* Define to specify how much context to retain around the current parse point. */ @@ -89,11 +90,14 @@ /* Define to make XML Namespaces functionality available. */ #define XML_NS 1 +/* Define to __FUNCTION__ or "" if `__func__' does not conform to ANSI C. */ +/* #undef __func__ */ + /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ -/* Define to `long' if does not define. */ +/* Define to `long int' if does not define. */ /* #undef off_t */ -/* Define to `unsigned' if does not define. */ +/* Define to `unsigned int' if does not define. */ /* #undef size_t */ -- 2.41.0